package com.example.config;

import com.example.entity.po.Admin;
import com.example.service.AdminService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

public class UserRealm extends AuthorizingRealm {

    @Autowired
    AdminService adminService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了授权");
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("执行了认证");
        //这个token于Controller类中的登录方法中的token方法有关联
        UsernamePasswordToken userToken= (UsernamePasswordToken) token;
        //连接数据库
        Admin admin=adminService.queryAdmin(userToken.getUsername());
        //如果没有这个人，抛出异常 UnknownAccountException
        if (admin==null){
            return null;
        }
        //可以加密 MD5加密 MD5盐值加密
        //密码认证，shiro做,加密
        return new SimpleAuthenticationInfo(admin.getAdminAccount(),admin.getAdminPwd(), ByteSource.Util.bytes(("children")),this.getName());
    }
}
